Technische Universität Braunschweig
  • Study & Teaching
    • Beginning your Studies
      • Prospective Students
      • Degree Programmes
      • Application
      • Fit4TU
      • Why Braunschweig?
    • During your Studies
      • Fresher's Hub
      • Term Dates
      • Courses
      • Practical Information
      • Beratungsnavi
      • Additional Qualifications
      • Financing and Costs
      • Special Circumstances
      • Notes on the coronavirus
      • Health and Well-being
      • Campus life
    • At the End of your Studies
      • Discontinuation and Credentials Certification
      • After graduation
      • Alumni
    • For Teaching Staff
      • Strategy, Offers and Information
      • Learning Management System Stud.IP
      • Teaching and Media Education
    • Contact
      • Study Service Centre
      • Academic Advice Service
      • Student Office
  • Research
    • Research Profile
      • Core Research Areas
      • Clusters of Excellence
      • Research Projects
      • Research Centres
      • Professors‘ Research Profiles
    • Early Stage Researchers
      • Promotion of early career scientists
      • PhD-Students
      • Postdocs
      • Junior research group leaders
      • Junior Professorship and Tenure-Track
      • Habilitation
      • Service Offers for Scientists
    • Research Data & Transparency
      • Transparency in Research
      • Research Data
      • Open Access Strategy
      • Digital Research Announcement
    • Research Funding
      • Research Funding Network
      • Research funding
    • Contact
      • Research Services
      • Academy for Graduates
  • International
    • International Students
      • Why Braunschweig?
      • Degree seeking students
      • Exchange Studies
      • TU Braunschweig Summer School
      • Refugees
      • International Student Support
    • Going Abroad
      • Internships abroad
      • Teaching and research abroad
      • Working abroad
    • International Scientists
      • International Postdocs and Professors
      • International PhD Scholars
      • Service for host institutes
    • Language and intercultural competence training
      • Learning German
      • Learning Foreign Languages
      • Intercultural Communication
    • International Profile
      • Internationalisation
      • International Cooperation
    • International House
      • About us
      • Contact & Office Hours
      • News and Events
      • Newsletter, Podcast & Videos
      • Job Advertisements
  • TU Braunschweig
    • Our Profile
      • Aims & Values
      • Regulations and Guidelines
      • Alliances & Partners
      • The University Development Initiative 2030
      • Facts & Figures
      • Our History
    • Career
      • Working at TU Braunschweig
      • Vacancies
    • Economy & Business
      • Entrepreneurship
    • General Public
      • Access to the University Library
    • Media Services
      • Communications and Press Service
      • Services for media
      • Film and photo permits
      • Advices for scientists
      • Topics and stories
    • Contact
      • General Contact
      • Getting here
  • Organisation
    • Presidency & Administration
      • Executive Board
      • Designated Offices
      • Administration
      • Committees
    • Faculties
      • Carl-Friedrich-Gauß-Fakultät
      • Faculty of Life Sciences
      • Faculty of Architecture, Civil Engineering and Environmental Sciences
      • Faculty of Mechanical Engineering
      • Faculty of Electrical Engineering, Information Technology, Physics
      • Faculty of Humanities and Education
    • Institutes
      • Institutes from A to Z
    • Facilities
      • University Library
      • Gauß-IT-Zentrum
      • Personnel Development
      • International House
      • The Project House of the TU Braunschweig
      • Sports center
      • Facilities from A to Z
    • Equal Opportunity Office
      • Equal Opportunity Office
      • Family
      • Diversity for Students
  • Search
  • Quicklinks
    • People Search
    • Webmail
    • cloud.TU Braunschweig
    • Messenger
    • Cafeteria
    • Courses
    • Stud.IP
    • Library Catalogue
    • IT Services
    • Information Portal (employees)
    • Link Collection
    • DE
    • EN
    • Facebook
    • Twitter
    • Instagram
    • YouTube
    • LinkedIn
    • Mastodon
Menu
  • Technische Universität Braunschweig
  • Organisation
  • Faculties
  • Carl-Friedrich-Gauß-Fakultät
  • Institutes
  • Institute for Application Security
  • Team
  • David Klein
Logo Institut für Anwendungssicherheit der TU Braunschweig
  • Team
    • Prof. Dr. Martin Johns
    • Alexandra Dirksen
    • Jannik Hartung
    • Manuel Karl
    • Robin Kirchner
    • David Klein
    • Simon Koch
    • Robert Michael
    • Malte Wessels

David Klein

David Klein

David Klein is a PhD Candidate since October 2018. His research interests include static and dynamic analysis, program transformations, web security and privacy.

Room 209A

david.klein[at]tu-braunschweig.de

0531/391-2293

Publications

General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications
David Klein, Benny Rolle, Thomas Barber, Manuel Karl, Martin Johns
To appear at the 30th ACM Conference on Computer and Communications Security (CCS), 2023  [BIB]

Accept All Exploits: Exploring the Security Impact of Cookie Banners
David Klein*, Marius Musch*, Thomas Barber, Moritz Kopmann, and Martin Johns
Proc. of the 37th Annual Computer Security Applications Conference (ACSAC), 2022  [BIB]

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions
David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock, and Martin Johns
Proc. of the IEEE European Symposium on Security and Privacy (Euro S&P 2022)  [BIB]

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Proceedings on Privacy Enhancing Technologies (PETS'21)  [BIB]

Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis
Souphiane Bensalim, David Klein, Thomas Barber, Martin Johns
Proceedings of the 14th European Workshop on Systems Security (EuroSec '21) [BIB]

Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning
Erwin Quiring, David Klein, Daniel Arp, Martin Johns and Konrad Rieck
Proc. of the 29th USENIX Security Symposium, August 2020 [BIB]

Deploying Contextual Computing in a Campus Setting
Fabio Aversente, David Klein, Schekeb Sultani, Dmitri Vronski, and Jörg Schäfer
Eleventh International Network Conference (INC), 2016

Implementing Situation Awareness for Car-to-X Applications using Domain Specific Languages
Jörg Schäfer, and David Klein
Proceedings of the 77th IEEE Vehicular Technology Conference (VTC), 2013

Talks

Exploring Synergies Between Privacy and Security Enhancing Technologies [Slides]
German OWASP Day '23, 30.-31.5.2023, Frankfurt am Main, Germany

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions [Slides]
RuhrSec '23, 11.-12.5.2023, Bochum, Germany

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions [Slides]
OWASP Global AppSec, 17.11.2022, San Francisco, USA

PC Member

Year Conferences
2023 WORMA 2023

Sub-Reviews

Year Conferences
2023 S&P, CCS
2022 S&P, EuroS&P (external), WWW, ACSAC, CODASPY, SAC, ARES
2021 WWW, CODASPY, SAC, ARES, ACSAC,
2020 WWW, EuroS&P, CODASPY, SAC, ICWE, ACSAC
2019 ACSAC, CODASPY, SAC, ICWE
2018 CODASPY, SAC, ACSAC
Vulnerabilities

I enjoy breaking stuff and helping people fix vulnerabilities.

  • CVE-2022-36020: Typo3 HTML Sanitizer is vulnerable to XSS payloads enclosed in particular HTML comment combinations.

  • CVE-2022-23499: Typo3 HTML Sanitizer can be bypassed by embedding the payload in CDATA or by mutating our of RAWTEXT elements.

  • CVE-2023-23627: Ruby sanitize can be bypasses due to parsing differentials related to the noscript tag.

  • CVE-2023-38500: Typo3 HTML Sanitizer does not parse noscript tags as a browser does, opening the door for bypasses.

Teaching Assistant
Year Semester Name
2023 SoSe Programmieren I
2023 WS Websicherheit (Seminar), Hacklab
2022 SoSe Websicherheit (Seminar)
2022 WS Websicherheit (Seminar), Hacklab
2021 SoSe Websicherheit (Seminar)
2020 WS Websicherheit (Seminar)
2020 SoSe Programmieren II, Anwendungssicherheit (Seminar)
2019 WS Programmieren I, Anwendungssicherheit (Seminar)
2019 SoSe Programmieren I
2018 WS Programmieren I
Photo credits on this page

For All Visitors

Vacancies of TU Braunschweig
Career Service' Job Exchange 
Merchandising

For Students

Term Dates
Courses
Degree Programmes
Information for Freshman
TUCard

Internal Tools

Glossary (GER-EN)
Change your Personal Data

Contact

Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig

P. O. Box: 38092 Braunschweig
GERMANY

Phone: +49 (0) 531 391-0

Getting here

© Technische Universität Braunschweig
Imprint Privacy Accessibility

TU Braunschweig uses the software Matomo for anonymised web analysis. The data serve to optimise the web offer.
You can find more information in our data protection declaration.